Serious security issue with popular mobile wallets (Apple and Google Pay)

Fraudulent transactions involving the most popular mobile wallets have been on the rise recently, and unfortunately Revolut is also heavily affected by this problem.

In a nutshell: The malicious software called Financial RAT can monitor the users’ computer, waiting for them to enter card details when making a purchase online. In addition, it also monitors whether the computer has SMS mirroring turned on, and if not, silently turns it on (to circumvent two-factor authentication). Last but not least, it keeps a log of when the user is typically inactive.

With the information obtained, card details, and SMS for two-factor authentication, fraudsters can easily add any Revolut card to an Apple or Google Pay wallet, and then make unlimited purchases from the available Revolut balance at some specific merchants on the dark web. As the mobile wallets in question require a passcode or biometric identification for each transaction, Revolut’s fraud analysis system is much more lax in checking transactions made with Apple/Google Pay.

In contrast to some other financial service providers (e.g. Monese), Revolut does not send any other notification (via email or push) to the user other than the mentioned 2FA SMS after the card is added to an Apple/Google Pay wallet. In addition, Revolut cards cannot be set to a daily purchase limit, much to the delight of fraudsters.

source: https://forbes.hu/penz/revolut-ugy-csalas-folytatas/

every reason to use single use cards when shopping online?

4 Likes
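The controls this thread asks for (a push or email notification on every wallet provisioning in addition to the OTP SMS, extra scrutiny when a card is added at a time the user is normally inactive, and a daily cap on wallet purchases) can be expressed as a small rule set over a cardholder's event stream. The following is an added illustration written for this post; it is not Revolut's code, nor anything from the linked article. The event fields, thresholds (`DAILY_WALLET_CAP`, `STEP_UP_AMOUNT`, the 24-hour window), the default active hours and the sample events are all constructed assumptions.

```python
"""Rule-based risk decisions for wallet provisioning and wallet purchases.

Added example for this thread; all thresholds and events are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical policy thresholds (assumptions, not any issuer's real limits)
DAILY_WALLET_CAP = 500.0               # max wallet-channel spend per calendar day
STEP_UP_AMOUNT = 200.0                 # large purchase needing extra verification
POST_PROVISION_WINDOW = timedelta(hours=24)


@dataclass
class Event:
    kind: str                 # "wallet_provision" or "purchase"
    ts: datetime
    amount: float = 0.0
    merchant: str = ""
    via_wallet: bool = False  # True when the purchase used Apple/Google Pay


@dataclass
class Decision:
    action: str               # "allow" | "notify" | "step_up" | "block"
    reasons: list = field(default_factory=list)


def assess(events, active_hours=(7, 23)):
    """Return one Decision per event, applying the thread's three controls.

    active_hours is the (start, end) hour range in which this user is
    normally active; provisioning outside it is treated as suspicious,
    since the malware described in the thread times its activity to the
    user's inactive periods.
    """
    decisions = []
    provision_ts = None
    known_merchants = set()
    wallet_spend = {}  # calendar date -> cumulative wallet spend that day

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "wallet_provision":
            # Control 1: always notify via push/email, never rely on the OTP SMS alone
            action, reasons = "notify", ["push and email notification of new wallet token"]
            # Control 2: challenge provisioning during the user's usual inactive hours
            if not (active_hours[0] <= ev.ts.hour < active_hours[1]):
                action = "step_up"
                reasons.append("provisioning outside the user's usual active hours")
            provision_ts = ev.ts
            decisions.append(Decision(action, reasons))

        elif ev.kind == "purchase":
            action, reasons = "allow", []
            if ev.via_wallet:
                day = ev.ts.date()
                prospective = wallet_spend.get(day, 0.0) + ev.amount
                # Control 3: daily cap on wallet-channel purchases
                if prospective > DAILY_WALLET_CAP:
                    action = "block"
                    reasons.append(f"daily wallet cap of {DAILY_WALLET_CAP:.0f} exceeded")
                else:
                    wallet_spend[day] = prospective
                    recent = provision_ts is not None and ev.ts - provision_ts <= POST_PROVISION_WINDOW
                    if recent and ev.merchant not in known_merchants and ev.amount >= STEP_UP_AMOUNT:
                        action = "step_up"
                        reasons.append("large purchase at a new merchant within 24h of provisioning")
            if action != "block":
                known_merchants.add(ev.merchant)
            decisions.append(Decision(action, reasons))

        else:
            decisions.append(Decision("allow", [f"unknown event kind {ev.kind!r} ignored"]))

    return decisions


def sample_events():
    """Constructed scenario resembling the fraud pattern described in the thread."""
    return [
        Event("purchase", datetime(2024, 3, 1, 10, 0), 40.0, "shop-a"),
        Event("wallet_provision", datetime(2024, 3, 2, 3, 15)),
        Event("purchase", datetime(2024, 3, 2, 3, 20), 250.0, "unknown-merchant", via_wallet=True),
        Event("purchase", datetime(2024, 3, 2, 3, 30), 300.0, "unknown-merchant", via_wallet=True),
    ]


if __name__ == "__main__":
    for ev, d in zip(sample_events(), assess(sample_events())):
        print(f"{ev.ts:%Y-%m-%d %H:%M} {ev.kind:<16} -> {d.action:<8} {'; '.join(d.reasons)}")
```

Running it on the constructed scenario yields `allow`, `step_up`, `step_up`, `block`: the 03:15 provisioning is challenged because it falls outside the user's active hours, the first wallet purchase is challenged as a large payment to a merchant the user has never paid before, and the second is refused by the daily cap. The point is that the cap and the out-of-hours check do not depend on the OTP SMS, which is exactly the channel the malware in the thread is able to read.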

Yes, that can be a safe solution in many cases, but what if you need to add a standard, non-single use card to any subscription service (like Netflix) or to PayPal, for example?

I think Revolut should send more extensive security notifications to its customers when a card is added to an Apple or Google Pay wallet.

1 Like

Case of damned if you do and damned if you don’t, it seems.
There was a comment in another topic suggesting that notifications about account activity be disabled…
Not a good idea in my estimation. Notifications are so important to maintain control of your account.

3 Likes

We discourage any use of RATs (remote access tools) by customers where I work (UK bank), as this sort of stuff is possible. Whether it be PC or mobile, we ask customers to reconsider having it on the same device as their banking app/logins.

2 Likes

Do I understand correctly that the malicious software called Financial RAT is installed on a PC/desktop? Or is software like this available in the Google and Apple stores for mobile devices?

1 Like

The former, so it can infect various computers.

1 Like

RAT refers to two types of software.

Remote Administration Tools are a very common tool for all kinds of fraud. Those spam emails telling you your Norton software is expired and you should renew it immediately often rely on it as well. Someone at some point convinces you to install it, during a phone call for example. Or it’s installed without your knowledge and you’re tricked into giving it access to your system. Many phone scams work with this. TeamViewer for example is a RAT tool. There are of course legitimate use cases for RATs, like remote support.

RAT tools are available for all desktop and mobile software platforms. But it’s easier to pull it off on desktop computers.

Remote Access Trojans are also called RATs. Trojans can be installed in a number of ways: downloads, torrent files, email attachments … and they also rely to some extent on the user actively granting the software access. They might allow changing settings, monitoring user behaviour, copying and deleting files, accessing network resources, or using the internet bandwidth for criminal activity. Desktops are historically more affected, but there are a number of known trojans for Android as well. Some banking apps on Android for example don’t allow screenshots because it’s a security risk.

4 Likes